You *should* do it via a stored procedure, but if you insist on putting the sql into your code, do it this way:
string query = string.Format("UPDATE mytable SET col1='{0}', col2={1}.... where id={3}", mystringvalue, myintegervalue, myIDValue);
SqlConnection connection = new SqlConnection(myconnectionstring)
connection.Open();
SqlCommand cmd = new SQlCommand(query, connection);
cmd.CommandType=CommandType.Text
int rowAffected = cmd.ExecuteNonQuery()
connection.Close();
The code above was typed off the top of my head, so it may need to be tweaked. It also doesn't include any exception handling because i want to give someone else a chance to get reputation points for asking the inevitable questions you'll have about why your code fails. Finally, ALL of the info I've provided is easily located on Google with the simplest of google searches.